When you add preferred servers (Configure | Preferred server), you also provide credentials that devices should use when accessing the preferred server. For security reasons, make sure these credentials provide read-only access. Devices obtain these credentials from the core and use them to authenticate with that preferred server. When using preferred servers added to the Server Credentials dialog, you no longer have to configure your package shares to be null-session shares, as was necessary with previous versions. As long as the credentials you provide for the preferred server work with the package share, managed devices should be able to access the share.
Clients contact the core’s HTTPS web server. Clients authenticate by listing trusted certificate hashes. If there’s a match, the core passes the credentials configured in the preferred server configuration dialog.
UNC authentication occurs in this order:
- Mapped drive, if available
- Current user’s credentials
- UNC authentication with credentials from the preferred server dialog.
If the current user account exists on the preferred server but the passwords aren’t the same in both locations, UNC authentication will fail. To prevent this from happening, configure a unique account for UNC authentication. Along the same lines, if the user already has a drive mapped to the preferred server and those credentials don’t allow access to the package share, UNC authentication will also fail. UNC authentication can’t disconnect existing conflicting connections.
The Web console uses COM+ to provide the user for authentication.
Connections established through UNC authentication are dropped when the file transfer completes.